Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

How to restrict the direct access of folder jsf pages in a JSFWebaplication

 
sridhar chowdary avulapati
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,

I need help regarding restrict direct access off jsf pages in a application.

My jsf pages are placed in pages folder under Web-root directory

I want to access jsf pages throught the application flow only not direct access.

Ex: when i am enter this url in address bar http://localhost:8090/jsf/

it displays the related jsf page

but when i enter http://localhost:8090/jsf/pages/inputname.jsf at present it allowed how to restrict the direct access.

I need to restrict the direct access of jsf pages in pages foler.

I am using JBoss 5.1.

index.jsp

<html>
<body>
<jsp:forward page="/pages/inputname.jsf" />
</body>
</html>


web.xml

<?xml version="1.0"?>
<!DOCTYPE web-app PUBLIC
"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>

<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>server</param-value>
</context-param>

<context-param>
<param-name>javax.faces.CONFIG_FILES</param-name>
<param-value>/WEB-INF/faces-config.xml</param-value>
</context-param>

<listener>
<listener-class>com.sun.faces.config.ConfigureListener</listener-class>
</listener>

<!-- Faces Servlet -->
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup> 1 </load-on-startup>
</servlet>


<!-- Faces Servlet Mapping -->
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.jsf</url-pattern>
</servlet-mapping>

</web-app>


faces-config.xml


<?xml version="1.0"?>
<!DOCTYPE faces-config PUBLIC
"-//Sun Microsystems, Inc.//DTD JavaServer Faces Config 1.1//EN"
"http://java.sun.com/dtd/web-facesconfig_1_1.dtd">

<faces-config>
<navigation-rule>
<from-view-id>/pages/inputname.jsp</from-view-id>
<navigation-case>
<from-outcome>greeting</from-outcome>
<to-view-id>/pages/greeting.jsp</to-view-id>
</navigation-case>
</navigation-rule>
<managed-bean>
<managed-bean-name>personBean</managed-bean-name>
<managed-bean-class>jsfks.PersonBean</managed-bean-class>
<managed-bean-scope>request</managed-bean-scope>
</managed-bean>
</faces-config>


Please help me.

Regards,
Sridhar









 
Tim Holloway
Saloon Keeper
Pie
Posts: 18094
48
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
All URL requests are "direct access" whether you type them in via the browser's navigation bar, they come in via AJAX, or an HTML GET/POST request. The server has no way of knowing the ultimate origin of a URL request.

So in that sense, you can't do anything.

However, if the idea is to preserve a workflow, you can verify the context at each stage to ensure that the preceding stages were satisfied and redirect back to the start page if they weren't.
 
rudresh kumar
Ranch Hand
Posts: 83
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

You can place /pages folder under WEB-INF folder.

resources under WEB-INF cannot be accessed directly

Thanks
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic